-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-16:11.vmbus                                          Errata Notice
                                                          The FreeBSD Project

Topic:          Avoid using spin locks for channel message locks

Category:       core
Module:         vmbus
Announced:      2016-08-12
Credits:        Microsoft OSTC
Affects:        FreeBSD 10.3
Corrected:      2016-06-15 09:52:01 UTC (stable/10, 10.3-STABLE)
                2016-08-12 04:01:16 UTC (releng/10.3, 10.3-RELEASE-p7)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

The vmbus driver has a global lock hv_vmbus_g_connection.channel_msg_lock,
whose type is MTX_SPIN.  The lock is used to protect concurrent access to the
global pending message list hv_vmbus_g_connection.channel_msg_anchor.

II.  Problem Description

In some cases, sema_post() is invoked when the spin mutex is held.

III. Impact

Using sema_post() with a held spin mutex may trigger a system panic.

IV.  Workaround

No workaround is available, however FreeBSD virtual machines not running in
Hyper-V or Azure are unaffected.

V.   Solution

1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.  After which, reboot the
system.

2) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
After which, reboot the system.

3) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-16:11/vmbus.patch
# fetch https://security.FreeBSD.org/patches/EN-16:11/vmbus.patch.asc
# gpg --verify vmbus.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

<for a kernel bug:>

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

The following list contains the correction revision numbers for each
affected branch.

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/10/                                                        r301925
releng/10.3/                                                      r303984
- -------------------------------------------------------------------------

To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:

# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base

Or visit the following URL, replacing NNNNNN with the revision number:

<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>

VII. References

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-16:11.vmbux.asc>
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJXrUsfAAoJEO1n7NZdz2rnyAgP/3ZQ6JLhVWjdHHQz13XyT32r
NjhZ5VWdL8ZOd4psbLTmqMh79KT4u/bMZ4RackAcpX2agnpPx8sDQL5kaRNypQuj
OC+rTyRy4J/TZTeX6OPA+TSwOS/yczdGFhgexk0AuxoqWN3j8yZ/P+DyTC7y5CmD
8Fc9lcTAyFP/OEwybprWesRsC6wS1hKKhzz32e+i2EONzU5Xk8V3rondLZ2cSC9h
UaeUqJHCbdIogWt7h0zD3WKbcYEwdTmE6MNFJenjWLaIJQkFxqYUfncK9nePm+v7
W/QfVhEMuClKJRQRI6hHC+XJU2BxoXVB7uuJxk4rfLYO+TynvJ8w2iAMpf6liQLM
ChvBsczIDHtha7z1uqMRHouywHgSc/YWXodMrRRbOjDfFFHzsTIE/ZVdAncGqxwQ
/b7VmBS4kZRG5KP0ip/SHRUR+Ououp79gOkIphsT8ikpQKyHQVfG9FL8desSpE8f
nTyAWwlbBuIid7PqLcFwlIZuqbx52eMWG3//bZNKnxrx2b9RILNRDbOOrwbD2VHq
n9mO2EKdEPQg+Fz4omwCcmK2kMhknvotQ9oWUOGFK6i/BqZ6q5PffH4lxTyTS+Jr
oDxHZ3jmSVFb7bcjCqYwqpvxloOXY3ChgfYvnq3OI8Ry5Y7rnI8sGmKFwgqWcSqE
KS1LNBSGT1A7/mpgzld7
=GPUS
-----END PGP SIGNATURE-----
